AWS API Gateway Method Authentication using AWS_IAM

Question

I've created an API Gateway and added AWS_IAM for Authorization. I've launched an EC2 instance with the below role attached,

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "execute-api:Invoke"
            ],
            "Resource": [
                "arn:aws:execute-api:ap-south-1:123456789123:abcd12345/*/*/myresource"
            ]
        }
    ]
}

When I tried to do CURL to my API gateway endpoint, the request failed with 403 and message "Missing Authentication Token".

Is it not possible to use role with IAM authorization in API Gateway?

Marcin Marcin · Accepted Answer · 2021-01-28T08:37:39

It is possible, but regular curl does not create a signed request with AWS credentials. You need to contract such signature and call your API endpoint with that signature.

If you work with python you can do this using aws-requests-auth on your instance.

AWS API Gateway Method Authentication using AWS_IAM

1 Answers